
RE: Re: Windows domain authentication error

From: Flanakin Michael C Ctr HQ OSSG/OMR <Michael.Flanakin.Ctr_at_Gunter.Af.Mil>
Date: 2005-12-07 22:13:56 CET

Oh, I completely forgot about the username issues, but here's what I
found out: you'll need every name in the authz file at least twice
(three times for good measure). Windows isn't case-sensitive, but Svn
is, so you'll need one with domain and username in all caps and one with
just the username in all lowercase chars. To make it slightly simpler on
users, I recommend you add a third with the domain and username in all
lowercase chars. Here's an excerpt from mine:
 
[groups]
svn-admin = DOMAIN\FLANAKINM, domain\flanakinm, flanakinm
[/]
@svn-admin = rw

Michael

________________________________

From: Frank Gruman [mailto:fgatwork@verizon.net]
Sent: Wednesday, December 07, 2005 3:05 PM
To: Deepak Balasubramaniam
Cc: Kyle Kline; users@subversion.tigris.org
Subject: Re: Windows domain authentication error

Deepak Balasubramaniam wrote:

        Hi Kyle,
            Thanks for replying. I tried using the format you specified but still I get the same error.
         
        Regards,
        Deepak

         
        On 12/7/05, Kyle Kline <kyle.kline@gmail.com> wrote:

                if the name of your repo is truly svntest, then the perm entry should look like this:
                [svntest:/]
                Deepak.B = rw
                
                
                
                
                On 12/7/05, Deepak Balasubramaniam <deepakbalasubramaniam@gmail.com> wrote:

                        Hi All,
                             We are currently in the process of migrating our Version management from VSS to SVN. I was trying to set up the Windows domain authentication for SVN and followed all the steps mentioned at http://www.subversionary.org/sspidomainauth. But when I try to access the repository I get an Authentication denied error. I have given the info from the Apache error.log below. We have installed Apache 2.0.55 and SVN 1.2.3.

                        The entry I have in the Apache conf file is:

                        <Location "/test">
                            dav svn
                            SVNPath "d:/svntest"

                            # our user authentication policy
                            AuthName "SVN Server"
                            AuthType SSPI
                            SSPIAuth On
                            SSPIAuthoritative On
                            SSPIDomain nazcasolutions
                            SSPIOfferBasic on #let non-IE clients authenticate
                            #SSPIOmitDomain On # keep domain name in userid string
                                               # passed down to mod_authz_svn
                            Require valid-user # A Require directive may? prevent userid
                                               # strings from being passed down to mod_authz_svn

                            # our access control policy enforced by mod_authz_svn
                            AuthzSVNAccessFile "d:/svndav/svnaccess.conf"

                        </Location>

                        The entry I have in the svnaccess.conf file is:

                        [test]
                        Deepak.B = rw

                        The error I get in error.log is:
                        [Wed Dec 07 12:31:12 2005] [notice] Apache/2.0.55 (Win32) SVN/1.2.3 DAV/2 mod_auth_sspi/1.0.3 configured -- resuming normal operations
                        [Wed Dec 07 12:31:12 2005] [notice] Server built: Oct 9 2005 19:16:56
                        [Wed Dec 07 12:31:12 2005] [notice] Parent: Created child process 3732
                        [Wed Dec 07 12:31:12 2005] [notice] Child 3732: Child process is running
                        [Wed Dec 07 12:31:13 2005] [notice] Child 448: Released the start mutex
                        [Wed Dec 07 12:31:13 2005] [notice] Child 3732: Acquired the start mutex.
                        [Wed Dec 07 12:31:13 2005] [notice] Child 3732: Starting 250 worker threads.
                        [Wed Dec 07 12:31:14 2005] [notice] Child 448: Waiting for 250 worker threads to exit.
                        [Wed Dec 07 12:31:14 2005] [notice] Child 448: All worker threads have exited.
                        [Wed Dec 07 12:31:14 2005] [notice] Child 448: Child process is exiting
                        [Wed Dec 07 12:48:05 2005] [error] [client 10.1.1.102] Access denied: 'nazcasolutions\\Deepak.B' PROPFIND test:/trunk
                         
                         

Try one of these things (but not necessarily all at the same time):

1 - don't use your domain name when logging in. You are already
specifying a domain in your SSPI configuration.

2 - Add your domain name in front of your username in your AUTHZ file.

3 - Uncomment the SSPIOmitDomain directive. If the domain is provided
on the front end, this should strip it off and provide the name only to
the authentication level.

m2c

Regards,
Frank
Received on Wed Dec 7 22:23:58 2005

This is an archived mail posted to the Subversion Users mailing list.
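
Added example, not part of the original mails: a small Python check that takes the "Access denied" line from error.log and an authz file and reports why no rule matched the logged user (no applicable section, a case difference, or a missing domain prefix). The function names are this example's own; it assumes the log format shown in the thread and does not evaluate permission values, nested groups or anonymous access.

```python
import re

# Sample data constructed from the thread's svnaccess.conf and error.log line.
AUTHZ = "[test]\nDeepak.B = rw\n"
LOG = r"[error] Access denied: 'nazcasolutions\\Deepak.B' PROPFIND test:/trunk"

def parse_authz(text):
    """Parse an authz file into {section: {name: value}}."""
    sections, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = sections.setdefault(line[1:-1], {})
        elif cur is not None and "=" in line:
            name, value = line.split("=", 1)
            cur[name.strip()] = value.strip()
    return sections

def parse_denied(log_line):
    """Return (user, repo, path); error.log doubles the domain backslash."""
    m = re.search(r"Access denied: '(.*)' \S+ ([^:\s]+):(/\S*)", log_line)
    return m.group(1).replace("\\\\", "\\"), m.group(2), m.group(3)

def diagnose(authz_text, log_line):
    """List reasons the logged user matched no rule ([] means an exact match)."""
    user, repo, path = parse_denied(log_line)
    sections = parse_authz(authz_text)
    groups = {g: [u.strip() for u in v.split(",")]
              for g, v in sections.get("groups", {}).items()}
    # Sections that can apply: [repo:/p] and [/p] for the path and each parent.
    parts = path.rstrip("/").split("/")
    paths = ["/".join(parts[:i]) or "/" for i in range(len(parts), 0, -1)]
    applicable = [s for p in paths for s in (f"{repo}:{p}", p) if s in sections]
    if not applicable:
        stray = [s for s in sections if s != "groups" and "/" not in s]
        return [f"no section covers {repo}:{path}"] + [
            f"[{s}] is not a path section; expected [{repo}:/] or [/]" for s in stray]
    names = [u for s in applicable for n in sections[s]
             for u in (groups.get(n[1:], []) if n.startswith("@") else [n])]
    if user in names:
        return []
    bare = user.split("\\")[-1].lower()
    hits = [f"'{n}' differs from '{user}' only by case"
            for n in names if n.lower() == user.lower()]
    hits += [f"'{n}' lacks the domain prefix of '{user}'"
             for n in names if n.lower() == bare]
    return hits or [f"'{user}' is not listed in {applicable}"]
```

`diagnose(AUTHZ, LOG)` reports that `[test]` is not a path section; with the section renamed to `[test:/]` it reports instead that `Deepak.B` lacks the domain prefix of the logged user.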